APPLIED: [SRU Mantic][PATCH 0/9] CVE-2024-2201 (v2)
Stefan Bader
stefan.bader at canonical.com
Mon Apr 15 13:12:08 UTC 2024
On 15.04.24 11:48, Stefan Bader wrote:
> [Impact]
> Native BHI attack, a Spectre v2 variant, allows local unprivileged attackers to
> obtain kernel memory information without the help of unprivileged eBPF, negating
> to the previous belief that unprivileged eBPF is the only real-world source of
> such an attack. Also, this vulnerability affects KVM as well.
>
> [Backport]
> There is a conflict in reverse_cpuid.h due to lack of 80c883db87d9 (“KVM: x86:
> Use a switch statement and macros in __feature_translate()”) commit.
> There are also some context conflict in cpufeature.h. This v2 takes the
> changes from the merge commit and integrates them into the individual
> changes from linux-6.6.y.
> Also updated in v2 is the annotations change to set the auto mode by
> default.
>
> [Test]
> Compiled only (doing this again in parallel to submission)
>
> [Where things could go wrong]
> This patch is more about enabling CPU features and reducing branch history
> exposed, therefore, that the system is able to boot and run should denote that
> it is not introducing any regression.
>
> For KVM, the most significant impact is the performance regression due to system
> call substitution since branch prediction probably won't perform as fast as the
> previous version for users who do not care about the mitigation.
>
> Daniel Sneddon (2):
> x86/bhi: Define SPEC_CTRL_BHI_DIS_S
> KVM: x86: Add BHI_NO
>
> Josh Poimboeuf (1):
> x86/bugs: Change commas to semicolons in 'spectre_v2' sysfs file
>
> Linus Torvalds (1):
> x86/syscall: Don't force use of indirect calls for system calls
>
> Pawan Gupta (4):
> x86/bhi: Add support for clearing branch history at syscall entry
> x86/bhi: Enumerate Branch History Injection (BHI) bug
> x86/bhi: Add BHI mitigation knob
> x86/bhi: Mitigate KVM by default
>
> Yuxuan Luo (1):
> UBUNTU: [Config] Set CONFIG_BHI to enabled
>
> Documentation/admin-guide/hw-vuln/spectre.rst | 48 ++++++-
> .../admin-guide/kernel-parameters.txt | 12 ++
> arch/x86/Kconfig | 25 ++++
> arch/x86/entry/common.c | 10 +-
> arch/x86/entry/entry_64.S | 61 +++++++++
> arch/x86/entry/entry_64_compat.S | 16 +++
> arch/x86/entry/syscall_32.c | 21 ++-
> arch/x86/entry/syscall_64.c | 19 ++-
> arch/x86/entry/syscall_x32.c | 10 +-
> arch/x86/include/asm/cpufeatures.h | 11 ++
> arch/x86/include/asm/msr-index.h | 9 +-
> arch/x86/include/asm/nospec-branch.h | 17 +++
> arch/x86/include/asm/syscall.h | 11 +-
> arch/x86/kernel/cpu/bugs.c | 121 ++++++++++++++++--
> arch/x86/kernel/cpu/common.c | 24 ++--
> arch/x86/kernel/cpu/scattered.c | 1 +
> arch/x86/kvm/reverse_cpuid.h | 5 +
> arch/x86/kvm/vmx/vmenter.S | 2 +
> arch/x86/kvm/x86.c | 3 +-
> debian.master/config/annotations | 3 +
> 20 files changed, 382 insertions(+), 47 deletions(-)
>
Applied to mantic:linux 2024.04.01-3. Since we are rather late and this
is urgent I decided to go ahead with just one ack. Thanks.
-Stefan
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_0xE8675DEECBEECEA3.asc
Type: application/pgp-keys
Size: 48643 bytes
Desc: OpenPGP public key
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20240415/d5d4f642/attachment-0001.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20240415/d5d4f642/attachment-0001.sig>
More information about the kernel-team
mailing list